Unsecure docker file shipped with npm package #59

Open
@tanepiper

Description:

Using Trivy to scan packages for security vulnerabilities and other issues, this module includes the following Dockerfile:

```dockerfile
FROM selenium/node-chrome:latest

USER root

RUN apt-get update -qqy \
  && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
  && rm /bin/sh && ln -s /bin/bash /bin/sh \
  && chown seluser /usr/local

ENV NVM_DIR /usr/local/nvm
RUN mkdir -p $NVM_DIR \
  && wget -qO- https://raw.githubusercontent.com/creationix/nvm/v0.35.2/install.sh | bash \
  && source $NVM_DIR/nvm.sh \
  && nvm install v12

ENV CHROME_BIN /opt/google/chrome/chrome
ENV INSIDE_DOCKER=1

WORKDIR /usr/src
ENTRYPOINT source $NVM_DIR/nvm.sh && npm i && npm test
```

This triggers the following HIGH severity warnings:

https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0002/
https://avd.aquasec.com/misconfig/dockerfile/general/avd-ds-0017/

Can you please add this file to the npm ignore, as it does not need to be shipped with this dependency?
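The two findings linked in this issue, as an added example that is not part of the original issue and is not Trivy's implementation: a small JavaScript check approximating AVD-DS-0002 (the last `USER` is root) and AVD-DS-0017 (`apt-get update` with no install in the same `RUN`). The function names and the adjusted Dockerfile are assumptions made for illustration; `seluser` is the account already named in the quoted file.

```javascript
// Simplified approximation of the two checks; not Trivy's own code.
function parseDockerfile(text) {
  return text
    .replace(/\\\r?\n/g, " ") // join backslash-continued lines
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line && !line.startsWith("#"))
    .map((line) => {
      const [, instr, args] = line.match(/^(\S+)\s*(.*)$/);
      return { instr: instr.toUpperCase(), args };
    });
}

function auditDockerfile(text) {
  const instrs = parseDockerfile(text);
  const findings = [];
  // AVD-DS-0002: the user in effect at the end of the final stage is root.
  // Assumption: a final stage with no USER instruction is reported as well.
  const lastFrom = instrs.map((i) => i.instr).lastIndexOf("FROM");
  const users = instrs.slice(Math.max(lastFrom, 0)).filter((i) => i.instr === "USER");
  const user = users.length ? users[users.length - 1].args.split(":")[0] : null;
  if (user === null || user === "root" || user === "0") findings.push("AVD-DS-0002");
  // AVD-DS-0017: a RUN that refreshes the apt index but installs nothing.
  const update = /\bapt(-get)?\s+(-\S+\s+)*update\b/;
  const install = /\bapt(-get)?\s+(-\S+\s+)*install\b/;
  const bare = (i) => i.instr === "RUN" && update.test(i.args) && !install.test(i.args);
  if (instrs.some(bare)) findings.push("AVD-DS-0017");
  return findings;
}

// Relevant lines of the Dockerfile quoted in the issue.
const FLAGGED = [
  "FROM selenium/node-chrome:latest",
  "USER root",
  "RUN apt-get update -qqy \\",
  "  && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \\",
  "  && chown seluser /usr/local",
  "WORKDIR /usr/src",
].join("\n");

// Constructed variant: no bare update, privileges dropped before the end.
const ADJUSTED = [
  "FROM selenium/node-chrome:latest",
  "USER root",
  "RUN chown seluser /usr/local",
  "USER seluser",
  "WORKDIR /usr/src",
].join("\n");
console.log(auditDockerfile(FLAGGED), auditDockerfile(ADJUSTED));
```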
